Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Form1chev' = 'wscript "%HOMEPATH%\Form1plura\Form1Gyld.vbs"'
- %WINDIR%\win.ini
- form1gyld.exe
- images.exe
- %HOMEPATH%\form1plura\form1gyld.exe
- %HOMEPATH%\form1plura\form1gyld.vbs
- %PROGRAMDATA%\images.exe
- '%HOMEPATH%\form1plura\form1gyld.exe'
- '%PROGRAMDATA%\images.exe'
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\' (with a hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath C:\